“PREDATOR” malware enabling voice recording and data theft on Android devices

Share post:

Cisco Talos researchers have detected “PREDATOR” smartphone malware produced by Cytrox. This virus is capable of discreetly recording voice calls, capturing adjacent audio, extracting data from messaging apps like as Signal and WhatsApp, and even hiding or disabling programs after a device reset.

Talos discovered that the malware has a “ALIEN” component, which was previously assumed to be inconsequential but is really critical to the virus’s composition. To avoid detection and analysis, spyware developers such as Cytrox and NSO Group employ innovative tactics such as zero-click and one-click attacks. Cytrox created a one-click vulnerability for deploying the “PREDATOR” malware. These attack sequences make detecting and defending against spyware challenging.

Talos analyzed the PREDATOR malware and discovered that it utilizes five vulnerabilities (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003, and CVE-2021-1048) to bypass security features on Android devices. These vulnerabilities exploit weaknesses in Google Chrome, Linux, and Android, giving the malware control over the targeted devices.

ALIEN, working in conjunction with PREDATOR, plays a significant role in evading Android’s security measures, including SELinux restrictions. SELinux is responsible for protecting access to communication channels called sockets, which malware often misuses. By loading ALIEN into Zygote64, the memory space for launching apps on Android, the spyware gains greater control and management over stolen data.

The sources for this piece include an article in ArsTechnica.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways